Tangible damages are only a partial part of the cost equation. Intangible damages could actually factor a major
portion of loss, depending on the nature of your company.
"If I had a choice between doing business with two companies and one had been hard
hit due to lack of security policies, I know which one I'd do business with."
- Ross Wilson
"When business is disrupted, opportunities are lost. In this case, the key means of communication (email)
was affected for many companies," said Wilson.
"Reputations can also be damaged," he added. "If I had a choice between doing business with
two companies and one had been hard hit due to lack of security policies, I know which one I'd do business with."
Cleaning up your ugly boo-boo
Some companies which were infected, in turn sent the virus out to their clients.
In such a case, not just was the security of the company compromised, and communications compromised - their
own customers became victims, by their indirect involvement.
In such situations, not only do the companies have to deal with an embarrassing situation, they
will have to deal with irate customers.
"For the most part, organisations will email to anyone they suspect they might have sent an infected file,
apologizing and instructing to delete it," said Frances Ludgate from Computer Associates.
Let's just keep this a secret, shall we?
But not all corporations are as open, or willing to even admit that they had been affected. ZDNetAsia discovered
in the course of their research, that few companies were willing to talk about the extent of how business had been
"It is fairly safe to assume that the public will not make specific judgments about
organizations being untrustworthy..."
- Frances Ludgate
"We find that financial institutions are particularly averse to having their customers know that they have
had a virus infection, or security breach of any sort," said Ludgate.
"At the other end of the scale, universities almost expect to be regularly infected and do not try to hide
it at all. Other types of businesses fall in between these two extremes," she added.
Ludgate pointed out that customers would be less inclined to trust their money to a financial institution regularly
in the press for virus infections.
"On the other hand, it is fairly safe to assume that the public will not make specific judgments about
organizations being untrustworthy, unless they already feel that way about them," she said, noting that the
virus was so prolific that companies who had avoided being infected were being praised.
Companies which deal in sensitive matters - security, government agencies, banks, insurance companies and the
like, have their credibility at stake when it comes to attacks, said Ludgate, noting that such companies usually
budget security in and are already security conscious.